Black Hat Certified Pentester (BCPen)

The SecOps Group is thrilled to announce its partnership with Black Hat, an internationally recognised cybersecurity event series providing the most technical and relevant information security research. This collaboration gives Black Hat candidates an opportunity to take The SecOps Group’s pentest certifications under the newly launched “Black Hat Certified Pentester (BCPen)” exam at Black Hat USA 2023.

What is Black Hat Certified Pentester Exam?

The Black Hat Certified Pentester (BCPen) is an intermediate-level exam, intended for professional pentesters, bug-bounty hunters, red and blue team experts, and anyone wanting to evaluate or appraise their existing knowledge of hands-on pentesting. This practical, in-person exam covers a wide variety of topics; to successfully complete each section, candidates must obtain the flags associated with every topic.

What is the pass criteria for the exam?

The pass criteria are as follows:

  • Candidates scoring over 60% marks will be deemed to have successfully passed the exam.
  • Candidates scoring over 75% marks will be deemed to have passed with a merit.

How long is the exam?

The exam lasts 8 hours (9 am to 6 pm); a one-hour lunch break can be taken during the exam. The exam can be taken on any one of the following four days:

  • Saturday, August 5, 2023
  • Sunday, August 6, 2023
  • Monday, August 7, 2023
  • Tuesday, August 8, 2023

What topics are covered?

The exam will cover the following topics of pentesting:

  • Web Hacking (50%) – 4 hours (240 mins); 240 Marks*
  • Infrastructure Hacking (50%) – 4 hours (240 mins); 240 Marks*

The complete list of topics can be found in the exam syllabus section below.

Note: The marks allocated to each question also indicate the time a candidate is expected to spend solving it. For example, a question worth 30 marks will require roughly 30 minutes to solve.

What is the format of the exam?

The exam will be a Capture The Flag (CTF) style hackathon. It will be a full-day event in which candidates capture flags by identifying and exploiting various system vulnerabilities, and score points by submitting the flags and answering the associated questions.

What is the experience needed to take the exam, and what level of difficulty can be expected from the exam?

We recommend a minimum of 2 years of professional penetration testing/bug bounty experience before taking this exam. In terms of difficulty, on the scale of beginner, intermediate and advanced, this exam has been rated as intermediate. The exam tests candidates’ practical knowledge in identifying and exploiting vulnerabilities in real life pentesting scenarios.

To explain this a bit more: we expect candidates to be able to identify and exploit vulnerabilities such as SQL Injection and obtain the relevant flags, but this exam does not test advanced web hacking concepts such as Second-order SQL Injection. Similarly, for infrastructure hacking, candidates are expected to use common hacking tools and techniques to demonstrate how to compromise a Windows Active Directory infrastructure, but they are not expected to write custom exploits, use or create 0-day exploits, or perform reverse engineering.

Can I participate with my friends and colleagues as a team?

One can only participate in an individual capacity (i.e. teamwork is not allowed).

What tools/laptop do I need to bring?

Candidates must use their own laptop and can use hacking tools of their choice. Internet access will be available during the course of the exam, but no assistance will be provided with regard to installation/configuration of any tools. The hacking challenges can be solved using freely available tools and scripts.

What will candidates get?

Each candidate will receive a certificate of participation, which will state pass/fail and merit status. In addition, candidates will be able to download a PDF report with detailed scores for each section of the exam, allowing them to identify and focus on areas of improvement for future qualification and training.

Will you provide any training that can be taken prior to the exams?

Being an independent certifying authority, we (The SecOps Group) do not provide any training for the exam. Candidates should carefully go over each topic listed in the syllabus and make sure they have adequate understanding, required experience and practical knowledge of these topics.

What is the exam retake policy?

Candidates who fail the exam must purchase a new exam voucher for every attempt.

Exam syllabus
The exam will cover the following topics
Web Hacking
  • Google Hacking, Dorking and OSINT Techniques.
  • Identification and Exploitation of OWASP Top 10 Vulnerabilities
  • Cross-Site Scripting
  • SQL Injection
  • XML External Entity attack
  • Cross-Site Request Forgery
  • Practical Cryptographic Attacks
  • Authentication related Vulnerabilities
    • Brute force Attacks
    • Username Enumeration
  • TLS Security
    • Identification of TLS security Misconfigurations.
  • Server-Side Request Forgery
  • Authorization and Session Management related Flaws
  • Insecure File Uploads
  • Code Injection Vulnerabilities
  • Business Logic Flaws
  • Directory Traversal Vulnerabilities
  • Common Security Misconfigurations.
  • Information Disclosure.
  • Vulnerable and Outdated Components.
  • Common Security Weaknesses affecting Cloud Services such as an S3 Bucket.
  • Security Best Practices and Hardening Mechanisms.
Infrastructure Hacking
  • Common OSINT Techniques
  • Network Mapping and Target Identification
  • Brute-force Attacks.
  • Vulnerability Identification and Exploitation using Common Hacking Tools.
  • Application Server Flaws.
  • Insecure Protocols
  • *nix Vulnerabilities.
  • Insecure File permissions.
  • Security Misconfigurations Leading to Privilege Escalation Attacks.
  • Windows Active Directory Attacks.
  • OS Credential Dumping and Replay.
  • Kerberoasting; golden and silver tickets.
  • Password Attacks and Password Cracking.
  • Administrative Shares Exploitation
  • Persistence Techniques
  • Lateral Movements
  • Common Security Weaknesses affecting Cloud Services such as an S3 Bucket.
  • Vulnerability chaining
  • Common security misconfigurations allowing docker escape.
